Extracted

• • Target

    Swift-pago.pdf.exe

  • Size

    38.0MB

  • MD5

    08a5400c20f882346a1f2b9e04cff8d2

  • SHA1

    2cadd3ff90433197824a547ece57da36435fb64b

  • SHA256

    33908ca6bf57c6bbb1375a3d58f4bd5c490451cfad130aaacd61e08020c94e00

  • SHA512

    73bbec6ba2c7127c9b65e99b16e202eedc38c0f1e9d8e6e497e211bfb45ced47e5d7db5e17205d92cc064651610d15a815449f036e01f0616b7e175ce5b1a612

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2